#!/bin/sh
# gentoo-setup.sh
#
# Version 1.2
#
# A modified original Webmin setup.sh script to comply with Gentoo specifics
#
# Modification done by: PhobosK <phobosk@kbfx.net>
#
# This script runs after the webmin archive is installed, and in the pkg_config() phase.
# It does setup the various config files of Webmin depending on if it is
# a new install, an upgrade or a reset.

LANG=
export LANG

if [ -z ${wadir} ]; then
	echo "You can't run this script outside of the 'emerge --config app-admin/webmin' command."
	exit 1
fi

# All things we do is from the Webmin install dir - $wadir
cd $wadir


# Are we hard resetting everything?
# If yes, we do:
# 1. Run the specific Webmin $wadir/run-uninstalls.pl
#	 It runs all uninstall.pl files in every module's folder.
#	 They delete all the set specific Webmin cron jobs.
#	 If bumping you should go through these files using the command:
#	 find . -name uninstall.pl -exec cat {} \; -print
# 2. Delete the whole /etc/webmin content, keeping only the gentoo .keep_* files
if [ "$reset" = "hard" ]; then
	echo "Running Webmin's specific uninstall procedures.. (Please ignore any possible errors)"
	(WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir LANG= "$wadir/run-uninstalls.pl")
	echo "..done"
	echo ""

	echo "Deleting the content of user's config folder: $config_dir .."
	find $config_dir ! -name '.keep_*' -delete 2>/dev/null
	echo "..done"
	echo ""
fi


# Are we soft resetting?
# If yes we do:
# - Delete the $config_dir/config file so we get new config values
if [ "$reset" = "soft" ]; then
	echo "Deleting the user's $config_dir/config file.."
	if [ -f "$config_dir/config" ]; then
		rm -f "$config_dir/config"
	fi
	echo "..done"
	echo ""
fi


# Get all available modules of this version
allmods=`echo */module.info | sed -e 's/\/module.info//g'`

# Get current Webmin version
ver=`cat "$wadir/version"`

if [ -r "$config_dir/config" ]; then
	upgrading=1
fi


# Check if upgrading from an old version
if [ "$upgrading" = 1 ]; then
	echo "Updating existant Webmin's config files.."

	# Get current var path
	if [ -r "$config_dir/var-path" ]; then
		_var_dir=`cat $config_dir/var-path`
		if [ -n ${_var_dir} ]; then
			var_dir=${_var_dir}
		fi
	fi

	# Get current perl path
	if [ -r "$config_dir/perl-path" ]; then
		_perl=`cat $config_dir/perl-path`
		if [ -n ${_perl} ]; then
			perl=${_perl}
		fi
	fi

	# Get old os name and version
	os_type=`grep "^os_type=" $config_dir/config | sed -e 's/os_type=//g'`
	os_version=`grep "^os_version=" $config_dir/config | sed -e 's/os_version=//g'`
	real_os_type=`grep "^real_os_type=" $config_dir/config | sed -e 's/real_os_type=//g'`
	real_os_version=`grep "^real_os_version=" $config_dir/config | sed -e 's/real_os_version=//g'`

	# Get port, ssl, no_ssl2, no_ssl3, ssl_redirect, no_sslcompression, ssl_honorcipherorder, no_tls1, no_tls1_1 and keyfile
	port=`grep "^port=" $config_dir/miniserv.conf | sed -e 's/port=//g'`
	ssl=`grep "^ssl=" $config_dir/miniserv.conf | sed -e 's/ssl=//g'`
	no_ssl2=`grep "^no_ssl2=" $config_dir/miniserv.conf | sed -e 's/no_ssl2=//g'`
	no_ssl3=`grep "^no_ssl3=" $config_dir/miniserv.conf | sed -e 's/no_ssl3=//g'`
	ssl_redirect=`grep "^ssl_redirect=" $config_dir/miniserv.conf | sed -e 's/ssl_redirect=//g'`
	ssl_honorcipherorder=`grep "^ssl_honorcipherorder=" $config_dir/miniserv.conf | sed -e 's/ssl_honorcipherorder=//g'`
	no_sslcompression=`grep "^no_sslcompression=" $config_dir/miniserv.conf | sed -e 's/no_sslcompression=//g'`
	no_tls1=`grep "^no_tls1=" $config_dir/miniserv.conf | sed -e 's/no_tls1=//g'`
	no_tls1_1=`grep "^no_tls1_1=" $config_dir/miniserv.conf | sed -e 's/no_tls1_1=//g'`
	keyfile=`grep "^keyfile=" $config_dir/miniserv.conf | sed -e 's/keyfile=//g'`

	# Update ACLs
	$perl "$wadir/newmods.pl" $config_dir $allmods

	# Update miniserv.conf with new root directory, mime types file and server info
	grep -v "^root=" $config_dir/miniserv.conf | grep -v "^mimetypes=" | grep -v "^server=" >$tempdir/$$.miniserv.conf
	mv $tempdir/$$.miniserv.conf $config_dir/miniserv.conf
	echo "root=$wadir" >> $config_dir/miniserv.conf
	echo "mimetypes=$wadir/mime.types" >> $config_dir/miniserv.conf
	echo "server=MiniServ/$ver" >> $config_dir/miniserv.conf
	grep logout= $config_dir/miniserv.conf >/dev/null
	if [ $? != "0" ]; then
		echo "logout=$config_dir/logout-flag" >> $config_dir/miniserv.conf
	fi

	# Remove old cache of module infos
	rm -f $config_dir/module.infos.cache
	echo "..done"
	echo ""
else
	# Create webserver's new config files
	echo "Creating Webmin's new config files.."

	echo $perl > $config_dir/perl-path
	echo $var_dir > $config_dir/var-path

	# Create a totally new conf file
	cfile=$config_dir/miniserv.conf
	echo "port=$port" > $cfile
	echo "root=$wadir" >> $cfile
	echo "mimetypes=$wadir/mime.types" >> $cfile
	echo "addtype_cgi=internal/cgi" >> $cfile
	echo "realm=Webmin Server" >> $cfile
	echo "logfile=$var_dir/miniserv.log" >> $cfile
	echo "errorlog=$var_dir/miniserv.error" >> $cfile
	echo "pidfile=$pidfile" >> $cfile
	echo "logtime=168" >> $cfile
	echo "ppath=$ppath" >> $cfile
	echo "ssl=$ssl" >> $cfile
	echo "no_ssl2=$no_ssl2" >> $cfile
	echo "no_ssl3=$no_ssl3" >> $cfile
	echo "ssl_redirect=$ssl_redirect" >> $cfile
	echo "ssl_honorcipherorder=$ssl_honorcipherorder" >> $cfile
	echo "no_sslcompression=$no_sslcompression" >> $cfile
	echo "no_tls1=$no_tls1" >> $cfile
	echo "no_tls1_1=$no_tls1_1" >> $cfile
	echo "keyfile=$keyfile" >> $cfile
	echo "env_WEBMIN_CONFIG=$config_dir" >> $cfile
	echo "env_WEBMIN_VAR=$var_dir" >> $cfile
	echo "atboot=$atboot" >> $cfile
	echo "logout=$config_dir/logout-flag" >> $cfile
	echo "listen=10000" >> $cfile
	echo "denyfile=\\.pl\$" >> $cfile
	echo "log=1" >> $cfile
	echo "blockhost_failures=5" >> $cfile
	echo "blockhost_time=60" >> $cfile
	echo "syslog=1" >> $cfile
	echo "session=1" >> $cfile
	echo "premodules=WebminCore" >> $cfile
	echo "server=MiniServ/$ver" >> $cfile

	# Append package-specific info to config file.
	# miniserv-conf can be created by upstream or by us in src_install phase (see there).
	if [ -f "$wadir/miniserv-conf" ]; then
		cat "$wadir/miniserv-conf" >>$cfile
	fi

	# Create the default user allowed to login - root only
	login="root"

	if [ -r /etc/shadow ]; then
		#crypt=`grep "^root:" /etc/shadow | cut -f 2 -d :`
		crypt=x
	else
		crypt=`grep "^root:" /etc/passwd | cut -f 2 -d :`
	fi

	ufile=$config_dir/miniserv.users
	echo "$login:$crypt:0" > $ufile
	chmod 600 $ufile


	echo "userfile=$ufile" >> $cfile
	chmod 600 $cfile
	echo "..done"
	echo ""

	echo "Creating access control file.."
	afile=$config_dir/webmin.acl
	echo "$login: $allmods" > $afile
	chmod 600 $afile
	echo "..done"
	echo ""
fi


# Create start, stop, restart and reload Gentoo compliant Webmin scripts
# We use sys-apps/openrc functions which is already pulled by sys-apps/baselayout
# or systemctl if we run under systemd
echo "Creating start and stop scripts.."
rm -f $config_dir/{start,stop,restart,reload}

# The start script in /etc/webmin (Gentoo compliant)
cat <<END >>"$config_dir/start"
#!/bin/sh

if [ ! -f "${pidfile}" ]; then
	if [[ -d /run/systemd/system ]] ; then
		systemctl start webmin.service
	else
		rc-service --ifexists -- webmin start
	fi
fi
END

# The stop script in /etc/webmin (Gentoo compliant)
cat <<END >>"$config_dir/stop"
#!/bin/sh

if [[ -d /run/systemd/system ]] ; then
	systemctl stop webmin.service
else
	rc-service --ifexists -- webmin --ifstarted stop
fi
END

# The restart script in /etc/webmin (Gentoo compliant)
cat <<END >>"$config_dir/restart"
#!/bin/sh

if [[ -d /run/systemd/system ]] ; then
	systemctl try-restart webmin.service
else
	rc-service --ifexists -- webmin --ifstarted restart
fi
END

# The reload script in /etc/webmin (Gentoo compliant)
cat <<END >>"$config_dir/reload"
#!/bin/sh

if [[ -d /run/systemd/system ]] ; then
	systemctl reload-or-try-restart webmin.service
else
	rc-service --ifexists -- webmin --ifstarted reload
fi
END

chmod 755 $config_dir/{start,stop,restart,reload}
echo "..done"
echo ""


if [ "$upgrading" = 1 ]; then
	echo "Updating other config files.."
else
	echo "Copying other config files.."
fi

# This just copies and merges the Webmin's release config files, with user's in the /etc/webmin folder
newmods=`$perl "$wadir/copyconfig.pl" "$os_type/$real_os_type" "$os_version/$real_os_version" "$wadir" $config_dir "" $allmods`
if [ "$upgrading" != 1 ]; then
	# Store the OS and version
	echo "os_type=$os_type" >> $config_dir/config
	echo "os_version=$os_version" >> $config_dir/config
	echo "real_os_type=$real_os_type" >> $config_dir/config
	echo "real_os_version=$real_os_version" >> $config_dir/config

	# Turn on logging by default
	echo "log=1" >> $config_dir/config

	# Disallow unknown referers by default
	echo "referers_none=1" >>$config_dir/config
else
	# one-off hack to set log variable in config from miniserv.conf
	grep log= $config_dir/config >/dev/null
	if [ "$?" = "1" ]; then
		grep log= $config_dir/miniserv.conf >> $config_dir/config
		grep logtime= $config_dir/miniserv.conf >> $config_dir/config
		grep logclear= $config_dir/miniserv.conf >> $config_dir/config
	fi

	# Disallow unknown referers if not set
	grep referers_none= $config_dir/config >/dev/null
	if [ "$?" != "0" ]; then
		echo "referers_none=1" >>$config_dir/config
	fi
fi
echo $ver > $config_dir/version
echo "..done"
echo ""

# Set passwd_ fields in miniserv.conf from global config
for field in passwd_file passwd_uindex passwd_pindex passwd_cindex passwd_mindex; do
	grep $field= $config_dir/miniserv.conf >/dev/null
	if [ "$?" != "0" ]; then
		grep $field= $config_dir/config >> $config_dir/miniserv.conf
	fi
done
grep passwd_mode= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
	echo passwd_mode=0 >> $config_dir/miniserv.conf
fi

grep ssl_honorcipherorder= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
	echo ssl_honorcipherorder=1 >> $config_dir/miniserv.conf
fi

# Disable SSL compression to defeat BEAST attack
grep no_sslcompression= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
	echo no_sslcompression=1 >> $config_dir/miniserv.conf
fi

# Tighten SSL security
grep no_ssl2= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
	echo no_ssl2=1 >> $config_dir/miniserv.conf
fi

grep no_ssl3= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
	echo no_ssl3=1 >> $config_dir/miniserv.conf
fi

grep no_tls1= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
    echo no_tls1=1 >> $config_dir/miniserv.conf
fi

grep no_tls1_1= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
    echo no_tls1_1=1 >> $config_dir/miniserv.conf
fi

# Make Perl crypt MD5 the default
grep md5pass= $config_dir/config >/dev/null
if [ "$?" != "0" ]; then
	echo md5pass=1 >> $config_dir/config
fi

# Set a special theme if none was set before
if [ "$theme" = "" ]; then
	theme=`cat "$wadir/defaulttheme" 2>/dev/null`
fi
oldthemeline=`grep "^theme=" $config_dir/config`
oldtheme=`echo $oldthemeline | sed -e 's/theme=//g'`
if [ "$theme" != "" ] && [ "$oldthemeline" = "" ] && [ -d "$wadir/$theme" ]; then
	themelist=$theme
fi

# Set a special overlay if none was set before
if [ "$overlay" = "" ]; then
	overlay=`cat "$wadir/defaultoverlay" 2>/dev/null`
fi
if [ "$overlay" != "" ] && [ "$theme" != "" ] && [ -d "$wadir/$overlay" ]; then
	themelist="$themelist $overlay"
fi

# Apply the theme and maybe overlay
if [ "$themelist" != "" ]; then
	echo "theme=$themelist" >> $config_dir/config
	echo "preroot=$themelist" >> $config_dir/miniserv.conf
fi

# If the old blue-theme is still in use, change it (new in 1.730)
oldtheme=`grep "^theme=" $config_dir/config | sed -e 's/theme=//g'`
if [ "$oldtheme" = "blue-theme" ]; then
   sed -i -e 's/theme=blue-theme/theme=gray-theme/g' $config_dir/config
   sed -i -e 's/preroot=blue-theme/preroot=gray-theme/g' $config_dir/miniserv.conf
fi

# Set the product field in the global config
grep product= $config_dir/config >/dev/null
if [ "$?" != "0" ]; then
	echo product=webmin >> $config_dir/config
fi

# If password delays are not specifically disabled, enable them
grep passdelay= $config_dir/miniserv.conf >/dev/null
if [ "$?" != "0" ]; then
	echo passdelay=1 >> $config_dir/miniserv.conf
fi


echo "Changing ownership and permissions.."
# Make all config dirs non-world-readable
for m in $newmods; do
	chown -R root:root $config_dir/$m
	chmod -R og-rw $config_dir/$m
done

# Make miniserv config files non-world-readable
for f in miniserv.conf miniserv.users; do
	chown -R root:root $config_dir/$f
	chmod -R og-rw $config_dir/$f
done
chmod +r $config_dir/version

# Fix up bad permissions from some older installs
for m in ldap-client ldap-server ldap-useradmin mailboxes mysql postgresql servers virtual-server; do
	if [ -d "$config_dir/$m" ]; then
		chown root:root $config_dir/$m
		chmod og-rw $config_dir/$m
		chmod og-rw $config_dir/$m/config 2>/dev/null
	fi
done
echo "..done"
echo ""


# This executes all postinstall.pl for every module
# If you do bump, you should look at the specific changes they do with this command in root folder:
# find . -name postinstall.pl -exec cat {} \; -print
# Generally they are safe to run 'cause they change only user's config in /etc/webmin
# or setup some cron jobs
if [ "$nopostinstall" = "" ]; then
	echo "Running postinstall scripts.. (Please ignore any possible errors)"
	(cd "$wadir" ; WEBMIN_CONFIG=$config_dir WEBMIN_VAR=$var_dir "$wadir/run-postinstalls.pl")
	echo "..done"
	echo ""
fi

# Enable background collection
if [ "$upgrading" != 1 -a -r $config_dir/system-status/enable-collection.pl ]; then
	echo "Enabling background status collection.. (Please ignore any possible errors)"
	$config_dir/system-status/enable-collection.pl 5
	echo "..done"
	echo ""
fi
